📦 Update subpackage devDependencies

[renovate]

This PR contains the following updates:

Package	Update	Type	Change	Package file	Age	Adoption	Passing	Confidence
actions/dependency-review-action	minor	action	v4.2.5 -> v4.3.2	.github/workflows/dependency-review.yml
rollup (source)	minor	devDependencies	4.16.4 -> 4.17.2	third_party/amp-toolbox-cache-url/package.json
rollup-plugin-json	replacement	devDependencies	4.0.0 -> 4.0.0	third_party/amp-toolbox-cache-url/package.json
step-security/harden-runner	patch	action	v2.7.0 -> v2.7.1	.github/workflows/update-session-issues.yml

See all other Renovate PRs on the Dependency Dashboard

How to resolve breaking changes

This PR may introduce breaking changes that require manual intervention. In such cases, you will need to check out this branch, fix the cause of the breakage, and commit the fix to ensure a green CI build. To check out and update this PR, follow the steps below:

# Check out the PR branch
git checkout -b renovate/subpackage-devdependencies main
git pull https://github.com/ampproject/amphtml.git renovate/subpackage-devdependencies

# Directly make fixes and commit them
amp lint --fix # For lint errors in JS files
amp prettify --fix # For prettier errors in non-JS files
# Edit source code in case of new compiler warnings / errors

# Push the changes to the branch
git push git@github.com:ampproject/amphtml.git renovate/subpackage-devdependencies:renovate/subpackage-devdependencies

This is a special PR that replaces rollup-plugin-json with the community suggested minimal stable replacement version.

---

Release Notes

actions/dependency-review-action (actions/dependency-review-action)

v4.3.2

Compare Source

What's Changed

• Fix package-url parsing for allow-dependencies-licenses by @​juxtin in https://github.com/actions/dependency-review-action/pull/761

Full Changelog: actions/dependency-review-action@v4.3.1...v4.3.2

v4.3.1

Compare Source

What's Changed

This release fixes some bugs related to package-url parsing that were introduced in 4.3.0. See https://github.com/actions/dependency-review-action/pull/753.

Full Changelog: actions/dependency-review-action@V4.3.0...v4.3.1

v4.3.0

Compare Source

New Features

• The deny-packages option can now be used without a version number to exclude all versions of a package.

What's Changed

• Fix action variable name for scorecard by @​lukehinds in https://github.com/actions/dependency-review-action/pull/735
• Fix extra https:// in summary by @​jhutchings1 in https://github.com/actions/dependency-review-action/pull/748
• Bump typescript from 5.3.3 to 5.4.5 by @​dependabot in https://github.com/actions/dependency-review-action/pull/744
• Bump eslint-plugin-github from 4.10.1 to 4.10.2 by @​dependabot in https://github.com/actions/dependency-review-action/pull/737
• Show denied packages with red X by @​juxtin in https://github.com/actions/dependency-review-action/pull/750
• deny-packages configuration option can deny specified version or all packages by @​febuiles and @​bteng22 in https://github.com/actions/dependency-review-action/pull/733

New Contributors

• @​bteng22 made their first contribution in https://github.com/actions/dependency-review-action/pull/733
• @​lukehinds made their first contribution in https://github.com/actions/dependency-review-action/pull/735

Full Changelog: actions/dependency-review-action@v4.2.5...V4.3.0

rollup/rollup (rollup)

v4.17.2

Compare Source

2024-04-30

Bug Fixes

• Fix tree-shaking problems when using spread arguments (#​5503)

Pull Requests

• #​5501: Slightly improve perf report (@​lukastaegert)
• #​5503: fix: rest element should deoptimize parameter values (@​liuly0322)

v4.17.1

Compare Source

2024-04-29

Bug Fixes

• Prevent infinite recursions for certain constructor invocations (#​5500)

Pull Requests

• #​5500: fix: parameter variable infinite recursion error (@​liuly0322)

v4.17.0

Compare Source

2024-04-27

Features

• Track function call arguments to optimize functions only called once or with the same literal values (re-release from 4.16.0) (#​5483)

Bug Fixes

• Reduce browser WASM size to a fraction by changing optimization settings (#​5494)

Pull Requests

• #​5483: feature(fix): function parameter tracking (@​liuly0322)
• #​5488: Report performance in CI (@​TrickyPi)
• #​5489: Create FUNDING.json (@​BenJam)
• #​5492: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5493: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot])
• #​5494: Use opt-level=z for browser wasm (@​sapphi-red)

step-security/harden-runner (step-security/harden-runner)

v2.7.1

Compare Source

What's Changed

Release v2.7.1 by @​varunsh-coder, @​h0x0er, @​ashishkurmi in https://github.com/step-security/harden-runner/pull/397
This release:

• Improves the capability to inspect outbound HTTPS traffic on GitHub-hosted and self-hosted VM runners
• Updates README to add link to case study video on how Harden-Runner detected a supply chain attack on a Google open-source project
• Addresses minor bugs

Full Changelog: step-security/harden-runner@v2.7.0...v2.7.1

---

Configuration

📅 Schedule: Branch creation - "after 12am every weekday" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.